<plugin_id>134</plugin_id>
<plugin_name>NetAsq IPS-Firewall management port tcp-1300 detection</plugin_name>
<plugin_family>Firewalls</plugin_family>
<plugin_created_date>2004/09/02</plugin_created_date>
<plugin_created_name>Marc Ruef</plugin_created_name>
<plugin_created_email>marc dot ruef at computec dot ch</plugin_created_email>
<plugin_created_web>http://www.computec.ch</plugin_created_web>
<plugin_created_company>computec.ch</plugin_created_company>
<plugin_updated_name>Marc Ruef</plugin_updated_name>
<plugin_updated_email>marc dot ruef at computec dot ch</plugin_updated_email>
<plugin_updated_web>http://www.computec.ch</plugin_updated_web>
<plugin_updated_company>computec.ch</plugin_updated_company>
<plugin_updated_date>2004/11/13</plugin_updated_date>
<plugin_version>1.1</plugin_version>
<plugin_changelog>Corrected the plugin structure and added the accuracy values in 1.1</plugin_changelog>
<plugin_protocol>tcp</plugin_protocol>
<plugin_port>1300</plugin_port>
<plugin_procedure_detection>open|sleep|send ATK\n|sleep|send QUIT\n|close|pattern_exists *200 code=[0-9]* OR *103 code=[0-9]*</plugin_procedure_detection>
<plugin_detection_accuracy>90</plugin_detection_accuracy>
<plugin_comment>Check is adapted from the Nessus plugin (see Nessus ID listed in the sources).</plugin_comment>
<bug_affected>NetAsq IPS-Firewalls</bug_affected>
<bug_not_affected>Other solutions</bug_not_affected>
<bug_vulnerability_class>Configuration</bug_vulnerability_class>
<bug_description>The remote host seems to be a NetAsq ISP-Firewall with port tcp/1300 open to allow the Firewall Manager tool to remotely configure it. Letting attackers know that you are using a NetAsq will help them to focus their attack or will make them change their strategy. </bug_description>
<bug_solution>The service should be deactivated or de-installed if not necessary. To make it harder to find the server the daemon could be configured to listen at another port (e.g. 1400). Try to prevent unwanted connection attempts by filtering traffic with firewalling.</bug_solution>
<bug_fixing_time>Approx. 30 minutes</bug_fixing_time>
<bug_exploit_availability>Yes</bug_exploit_availability>
<bug_remote>Yes</bug_remote>
<bug_local>Yes</bug_local>
<bug_severity>Low</bug_severity>
<bug_popularity>3</bug_popularity>
<bug_simplicity>6</bug_simplicity>
<bug_impact>5</bug_impact>
<bug_risk>4</bug_risk>
<bug_nessus_risk>Low</bug_nessus_risk>
<bug_check_tool>Nessus is able to do a similar check.</bug_check_tool>
<source_nessus_id>14378</source_nessus_id>
<source_literature>Building Internet Firewalls, Elizabeth D. Zwicky, Simon Cooper and D. B. Chapman, September 1, 2000, O'Reilly & Associates, ISBN 1565928717, 2nd edition</source_literature>
<source_misc>http://www.netasq.com</source_misc>